chris@yarra.oz.au (Chris Jankowski) (08/16/90)
I need a TCP/IP/Ethernet protocol analyser for general troubleshooting work in a multivendor environment. It must be portable as I often work at customer sites. It must also be good at decoding protocols. I don't want to spend months ploughing through reams of hex dumps.

I used Sniffer a few times and I was very happy with it. It has a good intuitive user interface and decodes protocols nicely. I would love to get one but people who sell it here in Australia charge A$35k for a working set based on a portable Compaq 386.

On the other hand I know that a working analyser can be built for around A$6k here using a $2k software product from FTP Software and a PC portable with an Ethernet card. I am sure there exists something in between as well.

Is Sniffer so much better to justify 6 times higher price? What are the deficiencies of the low end products?

I would appreciate your comments based on your experiences with available products, their strengths and weaknesses and value for money factor. Comparisons to Sniffer, which I know and is probably a top end benchmark in this area, will be especially useful.

Many thanks in advance. I shall summarise to the net.

      -m-------   Chris Jankowski - Senior Systems Engineer chris@yarra.oz{.au}
    ---mmm-----   Pyramid Technology Corporation Pty. Ltd.  fax +61 3 820 0536
  -----mmmmm---   11th Floor, 14 Queens Road                tel. +61 3 820 0711
-------mmmmmmm-   Melbourne, Victoria, 3004 AUSTRALIA       (03) 820 0711

"Knowing how things work is the basis for appreciation,
and is thus a source of civilized delight." -- William Safire
tmallory@BBN.COM (08/16/90)
Chris,

When we looked at ethernet analyzers a few years ago, the Sniffer was clearly the best of the portables, primarily because of its user interface and the fact that it worked. We did not select it because our own requirements were more oriented towards performance testing, and the best product in that area is the HP Lanalyzer (which is transportable :-). I will give you a brief picture of the Lanalyzer:

The HP is the ONLY analyzer that can keep up, 100%, with anything being transmitted up to the maximum capacity of the wire, in real-time. It can tell you that the average traffic is 10,373 pps: most others top out around 3000 pps. The HP's buffer for storing packets is average: like all (most?) of them, it will store back-to-back packets until the buffer is filled.

The HP's transmitter and receiver are essentially independent.

The HP has support for 16 full-size, fully specified packets for transmission. Most other analyzers only allow 1 packet for transmission, and many do not allow you to specify the full contents of the packet (I think one allows more packets, but not fully specified=zero padded). The maximum packet transmission rate is about 10k packets per second, which is slightly lower than the Excelan product, but respectable. It will tell you exactly what the traffic rate is while transmitting at this rate. The Excelan product was very difficult to use (and I think could only send a single, not fully specified, packet at high speed).

You can write simple programs with loops, received packet matching, counters, timers, and sending of the predefined test packets.

The packet decoding on the HP is an extra package. You should look at a current version to see if it suits your needs. The packet filtering is pretty good, though not quite as general as some of the others (though I think it can look at ANY byte in the packet).

If your operation gets large enough, a Sniffer and an HP make a good combination.

Tracy
lars@spectrum.CMC.COM (Lars Poulsen) (08/17/90)
In article <64884@yarra.oz.au> chris@yarra.oz.au (Chris Jankowski) writes:
> Is Sniffer so much better to justify 6 times higher price?

Yes. If not, they would have gone out of business a long time ago.

> What are the deficiencies of the low end products?

In order to keep up with the traffic in promiscuous mode, you must have
[1] a powerful CPU on the ethernet card
[2] a large RAM on the ethernet card
[3] hardware address filtering in order to capture traffic with multiple destination addresses that do not form a multicast group.

This means that standard commercial ethernet PC cards are not the right thing to use. The special-engineered ethernet card is most of the premium cost.

But the Sniffer's display and decoding software is also much more comprehensive than what is offered with the low-end devices.

We have dozens of SUNs around here. They all come with the "Etherfind" and "traffic" utilities, right? Yet when we need to look at the network traffic, we go and get the Sniffer, and put it on the desk next to that Sun.

If you have used a Sniffer, you'll never be happy with a low-end monitor. If you can't afford the Sniffer, you'll learn to live with what you can afford.

--
/ Lars Poulsen, SMTS Software Engineer
  CMC Rockwell  lars@CMC.COM
jbvb@FTP.COM (James B. Van Bokkelen) (08/17/90)
    From: hub.ucsb.edu!spectrum.CMC.COM!lars@ucsd.edu (Lars Poulsen)

    This means that standard commercial ethernet PC cards are not the
    right thing to use. The special-engineered ethernet card is most of
    the premium cost.

Lars, at least as of last winter Sniffers used a 3Com 3C505 interface that may have been modified, but not much; a customer reported being able to load and run both WIN/PC and PC/TCP for the 3C505 on it just fine. A LANAlyzer does use a special interface, but both cards are based on 82586 chips.

James B. VanBokkelen          26 Princess St., Wakefield, MA 01880
FTP Software Inc.             voice: (617) 246-0900  fax: (617) 246-0901